Diffstat (limited to 'roles')
-rw-r--r-- | roles/common-LDAP/templates/etc/ldap/database.ldif.j2 | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index 874bd9d..7d841b8 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -71,51 +71,59 @@ olcDbConfig: set_cachesize 0 5242880 0 olcDbConfig: set_lk_max_objects 1500 olcDbConfig: set_lk_max_locks 1500 olcDbConfig: set_lk_max_lockers 1500 # The root user has all rights on the whole database (when SASL-binding # on a UNIX socket). olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth # Ensure that all DIT access is made according to the LDAPv3 protocol, # and must use 1/ authentication, and 2/ SASL or TLS. (Local clients # should use ldapi:// and SASL/EXERNAL, while remote clients should use # TLS.) # XXX: olcRequires: none LDAPv3 authc strong olcRequires: none LDAPv3 authc olcSecurity: simple_bind=128 ssf=128 update_ssf=128 # # ######################################################################## # Performance considerations # # To reindex an existing database, you have to # * Stop slapd sudo service slapd stop -# * Reindex su openldap -c "slapindex -b 'dc=fripost,dc=org'" +# * Reindex sudo -u openldap slapindex -b 'dc=fripost,dc=org' # * Restart slapd sudo service slapd start # olcDbIndex: objectClass eq # Let us make Postfix's life easier. 
-{% if 'MX' in group_names or 'MDA' in group_names %} +{% if 'LDAP-provider' in group_names %} +olcDbIndex: fvd,fvl eq,sub +olcDbIndex: fripostIsStatusActive eq +{% elif 'MX' in group_names or 'MDA' in group_names %} olcDbIndex: fripostIsStatusActive,fvd,fvl eq {% endif %} -{% if 'MX' in group_names %} +{% if 'LDAP-provider' in group_names %} +olcDbIndex: fripostOptionalMaildrop,fripostMaildrop eq,sub +olcDbIndex: fripostCanAddAlias,fripostCanAddList,fripostOwner,fripostPostmaster,fripostListManager eq +{% elif 'MX' in group_names %} olcDbIndex: fripostOptionalMaildrop pres {% endif %} +{% if 'LDAP-provider' in group_names %} +{% endif %} {% if ('LDAP-provider' not in group_names and ('MX' in group_names or 'lists' in group_names)) or 'LDAP-provider' in group_names and (groups.MX | difference([inventory_hostname]) or groups.lists | difference([inventory_hostname])) %} # SyncProv/SyncRepl specific indexing. olcDbIndex: entryCSN,entryUUID eq {% endif%} # # # References # - https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning_5.0 # - http://www.openldap.org/doc/admin24/tuning.html # - http://www.openldap.org/faq/data/cache/42.html # - http://www.openldap.org/faq/data/cache/136.html # - http://www.zytrax.com/books/ldap/apa/indeces.html # # ######################################################################## # Sync Replication |
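Review bot: On a host that belongs to both `LDAP-provider` and `MX`, the new `{% elif 'MX' in group_names %}` branch is never taken, so `fripostOptionalMaildrop` ends up with `eq,sub` only and loses the `pres` index the old template gave every MX. If the MX lookups still use a presence filter on that attribute (the old line suggests they do, but the queries are not visible here), those searches would fall back to unindexed candidates on the provider. Splitting the provider line into `olcDbIndex: fripostOptionalMaildrop pres,eq,sub` and `olcDbIndex: fripostMaildrop eq,sub` would keep it. Separately, the added `{% if 'LDAP-provider' in group_names %}` / `{% endif %}` pair just before the SyncProv condition is empty and renders nothing; drop it, or mark it with a `{# ... #}` comment saying what is meant to go there. It may also be worth noting in the reindex comment that existing databases need `slapindex` after this index change, assuming this LDIF is only loaded when the database is created.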